search

Kerberos

hashtag
Goals

Authenticate peers in a distributed environment.

  • Targeted for Athena (at MIT)

Distribute session keys for adding security to sessions between peers.

  • Authentication (the initial goal)

  • Confidentiality (optional)

Single Sign-On.

  • Only one password to remember

  • Daily use (typically)

hashtag
Background: Needham-Schroeder (1978)

A and B trust on a common Key Distribution Center (KDC).

KDC shares a key with every A and B. Central authentication authority.

KDC generates good (random) KabK_{ab} keys.

  • Directly imported by requesters

  • Indirectly obtained by targets

hashtag
Architecture and base concepts

hashtag
Two Kerberos KDC services

  • Authentication Service (AS)

  • Ticket Granting Server (TGS)

hashtag
Entities (principals)

  • All have a secret shared with Kerberos (AS or TGS)

  • People: a key derived from a password:

    • KUK_U = hash(password)

    • Services/servers: key stored in some repository.

  • Requisites

    • Clocks (very well) synchronized.

hashtag
Authentication elements

  • Ticket: required to request a service.

  • Authenticator: proof of the identity of a requester.

hashtag
Tickets and authenticators

hashtag
Ticket

Unforgeable piece of data.

It can only be interpreted by the target service.

Carries the identities of the client that can use it.

Carries a session key.

Carries a validity timestamp.

hashtag
Authenticator

Carries a timestamp of the request.

Carries the identity of the client.

Proves that the client knows the session key.

hashtag
Overview of Kerberos SSO

hashtag
1º Step: Login

Location of the Kerberos servers of the realm.

Authentication of user U by Kerberos (AS).

  • The user gets a Ticket Granting Ticket (TGT) and a session key (KTGTK_{TGT}) for interacting with another Kerberos service (TGS).

  • The TGT can be used to request other tickets needed by the user U to access every service S.

hashtag
2nd step: Authenticated access to servers

U requests Kerberos (TGS) a ticket for accessing S.

  • U uses TGT in the request.

  • U must prove that he is the owner of TGT.

  • U gets a session key (KUS)(K_{US}) and a ticket to S (TUS)(T_{US}).

U uses (TUS)(T_{US}) to make authenticated requests to S.

  • Server S uses TUST_{US} to check the identity of U.

  • U must prove that he is the owner of TUST_{US}.

hashtag
Protocol (of version V5)

hashtag
Pre-authentication alternative

Vulnerable to proactive dictionary attacks! (Kerberoasting).

hashtag
Scalability

hashtag
Authentication scope

Realms.

A kerberos server per realm.

hashtag
Inter-realm cooperation

Fundamental to allow a client from a realm to access a server in another realm.

Realms need to trust authentication performed by other realms.

hashtag
Protocol

Secret keys are shared between TGS servers of different realms.

  • Inter-realm key.

  • Each inter-realm key is associated with a trust path.

A client (user) needs to jump from TGS to TGS to get a ticket.

  • Not particularly user-friendly.

hashtag
Security politics and mechanisms

hashtag
Entity authentication

Secret keys, names, and network addresses.

name/instance@realm (user@ua.pt, ftp/ftp.ua.pt@ua.pt).

hashtag
Validity periods

Timestamps in tickets (hours).

Timestamps in authenticators (seconds, minutes).

hashtag
Replay protections

Nonces (in ticket distributions).

Timestamps / sequence numbers (in authenticators).

hashtag
Protection against an excessive use of session keys

Key distribution in authenticators.

hashtag
Delegation (proxying)

Options and authorizations in tickets.

hashtag
Inter-real authentication

Secret keys shared among TGS services, trust paths.

Ticket issuing from a TGS to another TGS.

hashtag
Security issues

Kerberos KDC can impersonate anyone. Needs maximum security in its administration.

Kerberos KDC may be a single point of failure. Replication is an option since stored keys are seldom updated.

A stolen user password allows others to impersonate the victim in every service of the realm. Stolen TGS credentials are less risky, as their validity is shortly limited (one day, usually).

hashtag
Actual availability

MIT releasesarrow-up-right

Windows versions

  • Windows 2000 adopted Kerberos for inter-domain authentication.

  • Kerberos was modified to accommodate Windows credentials.

Components

  • Kerberos servers/daemons.

  • Libraries for “kerberizing” applications.

  • Support applications.

    • klogin, kpasswd, kadmin.

  • Kerberized applications (clients and servers).

Last updated